House Committee forwards legislation for State Dept. bug bounty

Jonathan Alboum, former USDA CIO and Veritas Public Sector CTO, discusses the “Hack Your State Department” bill and how regular bug bounties could help to secure government systems.

The State Department is one step closer to instituting a bug bounty plan. A piece of bipartisan legislation would require the agency to run a pilot program, opening some computer systems to hackers and cybersecurity researchers in order to discover tech issues. Private sector bug bounties regularly resolve problems and locate security holes. Jonathan Alboum, Public Sector CTO at Veritas, said that in this case, letting hackers into government networks isn’t as scary as it sounds.

“It’s not open season for anyone who calls themselves an ethical hacker to go after State Department systems… These folks are vetted. They work through an organization that is run by the State Department, and they will have guardrails around them about systems they go after and what they do when they find defects,” said Alboum.

“I think the real challenge for the organization that’s implementing it, the State department in this case, is when you learn about things and they are serious things, how do you reallocate resources to go about making appropriate fixes. I think it is one of the challenges for any organization entering into this. Once you know about a problem, you are duty‑bound to fix it. It’s just not as simple as fixing it, we have resources programmed and projects going on, you have to have the right mentality around ongoing application development and DevOps for it to be successful.”